Firefox – gHacks Technology News
https://www.ghacks.net
The independent technology news blog
Mon, 19 Mar 2018 14:24:24 +0000

Firefox's Password Manager has a flaw, but it will be fixed
https://www.ghacks.net/2018/03/19/firefoxs-password-manager-has-a-flaw-but-it-will-be-fixed/
Mon, 19 Mar 2018 06:37:03 +0000

You may save passwords in the Mozilla Firefox web browser; the functionality is enabled by default, and you are prompted to do so when Firefox recognizes that you typed a username and password to sign in.

Firefox users may enable a master password to protect the passwords with encryption so that someone with local access cannot simply read the password database. You control password storage on about:preferences#privacy.

If you don't want Firefox to save passwords, you just uncheck "Remember logins and passwords for websites" and that is that. To set up a master password, check the box "use a master password" and follow the wizard to make use of encryption to save your passwords.

Adblock Plus mastermind Wladimir Palant analyzed Firefox's master password code recently and discovered that the master password implementation in Firefox, and in other products that share code with Firefox such as Thunderbird, has a weakness.

However, when I looked into the source code, I eventually found the sftkdb_passwordToKey() function that converts a password into an encryption key by means of applying SHA-1 hashing to a string consisting of a random salt and your actual master password. Anybody who ever designed a login function on a website will likely see the red flag here.

While Firefox's implementation is speedy, it at the same time makes brute forcing the master password speedy as well. Palant suggests that attackers could compute up to 8.5 billion SHA-1 hashes per second using a single Nvidia GTX 1080 video card and that it would take about a minute to crack average master passwords because of that.

While stronger passwords would extend the time it takes to attack the master password, attackers with enough time or resources would eventually be able to crack most master passwords that are in use.

The master password does protect against unsophisticated attempts to access the password database, however.

A bug was added to Mozilla's Bugzilla website nine years ago that highlighted the issue. Justin Dolske's suggestion back then was to increase the iteration count to increase the time it takes to run brute force attacks against the master password of Firefox.

A higher iteration count would make this more resistant to brute forcing (by increasing the cost of testing password), the PKCS#5 spec suggests a "modest value" of 1000 iterations. And that was 10 years ago. :)

Palant posted a message to the bug which revived it from limbo. Several Mozilla employees and developers replied, and it looks as if the issue will be handled after all.

Robert Relyea suggested changing the iteration count to address the issue. This would improve the security of the master password without affecting stored passwords in the database.
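The effect of the iteration count on brute-force cost, as an added example (not code from the article, from Palant's post or from NSS). The function names, the 26-letter keyspace and the rule of thumb of two SHA-1 computations per PBKDF2 iteration are assumptions made here; the 8.5 billion hashes per second figure is the one quoted above.

```python
import hashlib

# Figure quoted in the article for a single Nvidia GTX 1080.
GPU_SHA1_PER_SECOND = 8.5e9
SECONDS_PER_YEAR = 365 * 86400


def single_sha1_key(salt: bytes, password: str) -> bytes:
    """Model of the derivation the article describes: one SHA-1 over salt + password."""
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def pbkdf2_key(salt: bytes, password: str, iterations: int) -> bytes:
    """Iterated alternative: PBKDF2-HMAC-SHA1 with a configurable iteration count."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, dklen=20)


def sha1_calls_per_guess(iterations: int) -> int:
    """Approximate SHA-1 computations needed to test one candidate password.

    iterations == 0 stands for the single-hash scheme (one call per guess).
    For PBKDF2-HMAC-SHA1 the assumption is two SHA-1 calls per iteration
    (the inner and the outer hash of HMAC).
    """
    return 1 if iterations == 0 else 2 * iterations


def seconds_to_exhaust(keyspace: int, iterations: int,
                       sha1_per_second: float = GPU_SHA1_PER_SECOND) -> float:
    """Time to try every password in `keyspace` at the given raw SHA-1 rate."""
    return keyspace * sha1_calls_per_guess(iterations) / sha1_per_second


def min_length_for(target_seconds: float, alphabet_size: int, iterations: int) -> int:
    """Shortest random password length whose full keyspace needs at least target_seconds."""
    length = 1
    while seconds_to_exhaust(alphabet_size ** length, iterations) < target_seconds:
        length += 1
    return length


def report(alphabet_size: int = 26, length: int = 8):
    """Rows of (iterations, seconds to exhaust, length needed for one year)."""
    keyspace = alphabet_size ** length
    rows = []
    for iterations in (0, 1000, 100_000):
        rows.append((
            iterations,
            seconds_to_exhaust(keyspace, iterations),
            min_length_for(SECONDS_PER_YEAR, alphabet_size, iterations),
        ))
    return rows


if __name__ == "__main__":
    # Constructed sample values, not taken from any real profile.
    salt_a, salt_b = b"A" * 16, b"B" * 16
    password = "correcthorse"

    # The salt makes keys differ between databases, which defeats precomputed
    # tables, but it does nothing to slow down guessing against one database.
    print(single_sha1_key(salt_a, password).hex())
    print(single_sha1_key(salt_b, password).hex())
    print(pbkdf2_key(salt_a, password, 1000).hex())

    print("iterations  seconds for 26^8  length for one year")
    for iterations, seconds, needed in report():
        label = "single SHA-1" if iterations == 0 else str(iterations)
        print(f"{label:>12}  {seconds:>16.1f}  {needed:>4}")
```

With these assumptions an 8-letter lowercase password falls in under half a minute against the single hash, while 1000 iterations stretch the same search to hours; the required length for a year-long search drops accordingly.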

Mozilla launched an alpha of Lockbox, a new password manager for Firefox, recently. The organization released the alpha as a browser extension for testing purposes but Lockbox could replace the default password manager of the Firefox browser eventually.

One core difference between the current password manager of Firefox and Lockbox is the latter's reliance on a Firefox account.

Closing Words

So, what should you do if you use Firefox's default password manager and have set up a master password? Most Firefox users probably don't have to worry about the issue as they won't encounter situations where someone will brute force the master password.

Those concerned about the issue may increase the length of the master password or switch to a different password manager in the meantime.

My personal favorite is KeePass, a desktop password manager, but you can use online solutions such as LastPass as well if you need easier syncing.

Mozilla Firefox 59.0.1 is a security release
https://www.ghacks.net/2018/03/16/mozilla-firefox-59-0-1-is-a-security-release/
Fri, 16 Mar 2018 13:53:41 +0000

Mozilla plans to distribute an update to Firefox's stable channel today that brings the version to Firefox 59.0.1. Firefox ESR is updated to version 52.7.2 to address the issue as well.

Update: The release is available and the security advisory page describes the issue as "Out of bounds memory write while processing Vorbis audio data".

While we do know that Firefox 59.0.1 includes security fixes, we don't know the nature of them yet. Mozilla has yet to publish the release notes for Firefox 59.0.1 which will be released here.

Firefox users need to wait a bit longer before Mozilla releases the update. The browser will pick it up through its automatic updating mechanism if it has not been disabled or modified.

Users can run a check for updates with a click on Menu > Help > About Firefox. Firefox should pick up the new version if it is available to download and install it on the computer system.

The release is already on Mozilla's FTP server; download sites have picked it up already and are distributing it. Firefox users need to know, however, that it happened in the past that last minute issues or changes resulted in the release of another build.

Generally speaking, it is not recommended to install unreleased stable builds from Mozilla's FTP server.

While we don't know yet what the security release fixes, one possible explanation is that it addresses issues discovered during the Pwn2Own 2018 hacking contest.

Firefox was targeted by Richard Zhu who managed to take full control over Firefox by using an out-of-bounds write in the browser followed by an integer overflow in the Windows kernel.

All vulnerabilities used or discovered during the event are passed on to the companies that create or maintain the products.

Mozilla would have to have prior knowledge of the issues used to exploit the browser to release a patch on the same day.

The security advisory page has not been updated yet. The release notes may very well only inform users that security vulnerabilities have been patched.

Save In: use multiple download folders in Firefox or Chrome
https://www.ghacks.net/2018/03/15/save-in-switch-between-multiple-download-folders-in-firefox/
Thu, 15 Mar 2018 17:06:38 +0000

Save In... is a browser extension for the Firefox and Chrome web browsers that you may use to add multiple download folders to Firefox or Chrome to switch between the folders when downloading files.

The extension supports additional functionality, a dynamic rules-based feature to rename or route downloads automatically based on rules you define.

All major web browsers use one download folder for file downloads. While you may change the download folder usually to any location you like, you have to change the folder manually each time you don't want to save files to that particular folder.

Maybe you want to separate image downloads from other files, or download videos to another drive because of the size they have.

Download Managers offer that functionality, but if you don't want to install one, you may use a browser extension like Save In for that as well.

Different Save Folders in Firefox

Save In... automates the process of saving files to different folders in Firefox or Chrome. The current state of WebExtensions APIs prevents extensions from saving data to a location outside the default download folder automatically.

Save In suggests using symlinks to bypass that restriction. It explains how that is done in the add-on options but the process is probably too complicated for most Firefox or Chrome users.

If you are on a Windows machine, you'd have to run the command mklink /D C:\pathToSymlinkInDefaultDownloadDirectory d:\newPath to create a new symbolic link. This needs to be repeated for any save location that you add in the extension's options.

It is then a matter of selecting one of the available additional download locations to save files directly to the folders.

Several options are available to customize the functionality. The extension supports the saving of files, links, selected text bits, and the current page by default. You may add tabstrip saving to the list to save one or multiple tabs as well.

The extension does not display a save file dialog by default. You can enable that in the options, or hold down the Shift-key to display it only when you need it.

Save In... supports dynamic downloads next to regular downloads. The dynamic download functionality of the extension adds two new options to it that users may make use of.

The first renames downloaded files automatically, the second reroutes downloads. Both options are rules based. The developer highlights some examples on the GitHub project page. They demonstrate how to remove the "large" part of the filename of downloaded Twitter images, or how to add a file extension to files that don't have one.

Closing words

Save In... unlocks multiple download folders in Chrome and Firefox that you can switch between easily. Setup is fairly complicated thanks to WebExtension limitations which likely limits the reach of the extension significantly.

It is useful for Firefox or Chrome users who download a lot and save the downloaded files to different directories.

Bookmarks Organizer 2.0

Bookmarks Organizer 2.0 requires Firefox 59.0 or newer as it makes use of new functionality introduced in that version of the web browser.

The core functionality of the bookmarks management extension remains the same. You can run checks on all bookmarks to find duplicate, broken or redirecting bookmarks.

The extension lists all bookmarks with errors or warnings in its interface. The screenshot above highlights two redirecting bookmarks, and Bookmarks Organizer displays the redirect target conveniently in the results listing.

You may correct all redirects or delete all broken bookmarks with a click on the links in the interface, or manage bookmarks on a case by case basis. Just hover over any result to display options to delete the bookmark, correct the redirect, or edit the bookmark.

Bookmarks Organizer 2.0 features many under-the-hood improvements. One complaint that some users had when version 1.0 of the extension was released was that the checks did not stop sometimes. Pre-Firefox 59 WebExtensions had no means to terminate these requests which in turn meant that users did not see any results as they were displayed after the scan to improve performance.

The new version of the Firefox extension uses request throttling to prevent too many request executions at the same time. The functionality may prolong the scan time but it reduces the number of false positives as fewer broken URLs are found during scans.

Other new features in Bookmarks Organizer 2.0:

Bookmark Separators no longer included in total number of bookmarks and results listings.

The keyboard shortcut moved to Shift-F11 to resolve a conflict.

Fixed the second bookmark check using a different method as it was not run sometimes.

Light performance improvements.

Translations for various languages available.

Closing Words

Bookmarks Organizer is a useful Firefox extension for Firefox 59.0 and newer installations. Firefox users who use bookmarks may find it useful to find broken and redirecting bookmarks to resolve the issues or remove bookmarks if they can't be resolved.

Firefox 59.0 release overview
https://www.ghacks.net/2018/03/13/firefox-59-0-release-overview/
Tue, 13 Mar 2018 07:33:21 +0000

Firefox 59.0 was offered to the stable channel of the browser on March 13, 2018. It is the second major update after the release of Firefox 57.0 Quantum which introduced major changes across the board.

The release overview highlights all major and minor changes sorted into categories such as security or developer for easier accessibility.

All official channels are updated as well around the same time. Firefox Beta moves to Firefox 60, Firefox Nightly to 61, and Firefox ESR to 52.7.

Executive Summary

Firefox 59.0 download and update

Firefox 59.0 is available on Mozilla's website and through Firefox's automatic update system.

You can run a manual check for updates with a click on Menu > Help > About Firefox. This queries Mozilla's server and reveals if updates are available. You may use the menu to download and install the updates then.

Firefox 59.0 Changes

Privacy improvements

Firefox 59.0 includes a number of privacy enhancements. Users can load about:preferences#privacy and scroll down to the permissions section on the page that opens to control Location, Camera, Microphone and Notifications permissions.

A click on the settings button lists websites that you have allowed to access the feature and removal options.

Each page includes an option to block website and service requests automatically for that particular feature.

This is useful if you don't want sites to request the functionality or if you find the request prompts annoying. The options are not entirely new, but their placement in the Firefox preferences is.

Firefox 59.0 Issues

Firefox users on devices running Windows 7 may notice crashes if they use accessibility services. Mozilla investigates and suggests that users load about:preferences#privacy and check "Prevent accessibility services from accessing your browser" there to prevent the crashes until the issue is resolved.

Security updates / fixes

Outlook

The next Firefox release day is May 8, 2018. Firefox Stable will hit version 60 and Firefox ESR is moved from version 52.x to 60.0. The upgrade ends support for legacy add-ons in the browser as Firefox ESR 52.x is the last official version of Firefox that supports the legacy add-on system.

Mozilla wants to do something about annoying in-page popups
https://www.ghacks.net/2018/03/12/mozilla-wants-to-do-something-about-annoying-in-page-popups/
Mon, 12 Mar 2018 19:56:25 +0000

In-page popups can be quite the annoyance on the Internet. These popups appear on the active page and not in the form of a new window displayed over or under the current browser window.

If you are long enough on the Internet, you probably encountered sites that threw these popups in your face already; the in-page popups are used to get you to subscribe to the site's newsletter, or inform you about a very special offer that expires soon.

Most popups include forms that require the email address and sometimes other data. Many have a visible close button in the top right corner, some another option to close the popup.

In-page popups are cause for the same set of annoyances as requests for push notifications: they get in the way of whatever the user is doing at the time, and they need to be closed or declined by the user as regular popup blockers don't block them.

Mozilla employee Ehsan Akhgari revealed on Twitter recently that Mozilla tries to find a way to deal with annoying in-page popups automatically.

Are you tired of seeing in-page popups like this? We're experimenting with a popup blocker to dismiss them automatically, and we're curating a dataset for it. If you know of a site that shows these kinds of popups, help us by submitting it here.

The link leads to a web form on Google Docs on which users may submit samples of sites that use in-page popups.

Ehsan created the In-Page Pop-up Reporter extension for Firefox and Chrome to improve the reporting workflow.

Users can install the browser extension to report any site using in-page popups with just two clicks. A click on the extension icon displays a preview of the popup and the active Internet address. Users may add information to a text field to provide further information, for instance what they did before the popup was launched.

A click on the report button submits the data to Mozilla (likely via Google Docs).

Mozilla plans to "train a classifier" that detects in-page popups automatically as opposed to maintaining a blocklist that requires constant attention.

Closing Words

In-page popups can be quite annoying if encountered regularly. Mozilla plans to run experiments to find out if a working in-page popup blocker can be created and integrated into Firefox.

Firefox users may use Screenshots to capture the entire visible area of a web page or a rectangle area of it. Users can save captured screenshots to the local system directly, copy screenshots to the Clipboard of the operating system, or use the integrated upload functionality to store them temporarily on Mozilla servers.

The new screenshot editing functionality is available already. Firefox users who upload screenshots to Mozilla's server may notice that Mozilla added image editing functionality to the online part of Screenshots.

You activate the functionality with a click on the edit icon on the page the screenshot is displayed on. This enables the editing functionality; all available image editing tools are displayed in the top right corner of the page:

Crop the image.

Pen to draw on the screenshot.

Highlighter to highlight specific areas of the screenshot.

Color Picker to select one of nine different colors.

Clear to undo changes.

The functionality is useful to make quick edits but it misses important editing options such as blur, select, or changing the pen's size. You may zoom in and out using Ctrl-mousewheel.

A click on the save icon saves the edited image, a click on cancel ignores all changes that you made using the image editing tools.

Firefox users had access to extensions like NativeShot to integrate screen capture functionality in the browser. NativeShot is not compatible with Firefox 57 Quantum.

Closing Words

Firefox's Screenshot tool is popular according to Mozilla. John Gruen, Product Manager of Firefox Test Pilot, revealed that Firefox users took more than 64 million screenshots since the integration in Firefox 56.

While it is too limiting for professional use in many cases, it works fine in other cases. Users may use it to quickly share what they see on the screen with others online, or save it to the local system for safekeeping. (via Sören Hentzschel)

Session Boss: save and restore Firefox tabs

Session Boss adds an icon to the Firefox toolbar when you install it. It requires several permissions, all of which are explained by the developer on the add-ons website.

The extension saves tabs automatically in 15 minute intervals and if that is all you want, you don't have to interact with Session Boss at all other than opening its interface when you need to restore tabs.

You may save tabs manually as well. It takes two clicks to save the active window or all windows, and the process itself is fast. While I did not test Session Boss with hundreds of open tabs, it worked well with a few dozen tabs open in the Firefox browser.

The extension displays three backup lists in its interface. It lists user sessions and auto backup sessions separately, and lists all sessions as well.

Each features a search and various sort options to find sessions quickly if plenty are listed. You may sort by time, group or name. The latter is useful if you use Session Boss' rename functionality to name saved sessions.

Session Boss lists all saved windows and tabs of the selected session. You can click on any address to open it individually, or use controls to restore all tabs at once.

Session Boss supports lazy load; windows and tabs are restored over a short period of time to avoid slow downs or freezes while the operation is in process.

Cookies are preserved by the extension. In fact, the only data that is not preserved is the navigation history due to API limitations. Restoration of internal tab pages is limited as well due to APIs. Session Boss lists internal pages like about:addons but it cannot restore them. You may copy and paste the URLs to restore them as Session Boss keeps track of those.

Closing Words

Session Boss is a well-designed extension for Firefox to save windows and tabs manually or automatically. I did not run into any issues while using the extension but would like to see some options added to it; for instance, an option to change the interval of the automatic backup could be useful.

Firefox 60 ships with Windows Group Policy Support
https://www.ghacks.net/2018/03/10/firefox-60-ships-with-windows-group-policy-support/
Sat, 10 Mar 2018 07:54:45 +0000

Mozilla is working on integrating Group Policy Support for Firefox running on Windows devices in the upcoming Firefox 60 release.

Firefox 60 is the next Extended Support Release of the web browser which replaces Firefox ESR 52.x, the last official version of Firefox to support the old extensions system. Mozilla made Firefox 60 the next ESR target and not Firefox 59.

Mozilla Firefox supports an automatic configuration system for Firefox installations already using autoconfig files which works on any supported desktop platform.

The new Policy Engine in Firefox reads data from the Registry created by Group Policy Objects and applies the policies if found to be valid.

Development bug 1433136 documents the implementation progress, and bug 1433173 the work on the Policy Engine.

Firefox 60: the policies

All available policies are listed under Computer Configuration > Administrative Templates > Firefox and User Configuration > Administrative Templates > Firefox after the policy template files are added to the relevant directories on Windows.

Block About Support -- prevents access to the troubleshooting page about://support.

Block Set Desktop Background -- users cannot set the wallpaper of the desktop using Firefox.

Create Master Password -- prevent the creation of a master password.

Disable Update -- block Firefox from updating.

Disable Developer Tools -- turn off the Developer Tools in the browser.

Disable Firefox Accounts -- prevent sign-in to accounts and syncing.

Disable Firefox Screenshots -- turn the Screenshots tool off.

Disable Firefox Studies -- turn participation in Firefox studies off.

Disable Form History -- prevent Firefox from remembering the form history.

Disable Pocket -- turn off Pocket in Firefox.

Disable Private Browsing -- block Private Browsing functionality.

Display Bookmarks Toolbar -- show the Bookmarks Toolbar by default.

Display Menu Bar -- show the Menu Bar by default.

Don't Check Default Browser -- block checks for default browser.

Homepage -- set a homepage (or multiple), and optionally disallow the changing of those.

Remember Passwords -- allow or disallow the saving of passwords.

Bookmarks -- Set default bookmarks.

Permissions: Addons -- Allow addon installation on specified URLs.

Permissions: Cookies -- Set URLs to allow or block cookies on.

Permissions: Flash -- Set URLs to allow or block Flash on.

Permissions: Popups -- Allow popups on selected sites.

Note that the template file and integration is a work in progress and that additional policies will be supported when Firefox 60 launches. This may include network.proxy, data reporting, or update policies according to Mike Kaply, a developer who works on the implementation.

Closing Words

Integration with Group Policy on Windows machines should make things a lot easier for system administrators who deploy Firefox on a computer network. Regular Firefox users may use the policies as well to modify certain browser settings.

A look at NordVPN's browser extensions
https://www.ghacks.net/2018/03/08/a-look-at-nord-vpns-firefox-extension/
Thu, 08 Mar 2018 13:15:36 +0000

NordVPN is a fairly popular VPN service provider that supports many of the features that users come to expect from a service of its kind this day and age.

It claims that it has a strict no logging policy, allows P2P traffic, offers servers in a lot of countries and regions, and does not restrict user bandwidth.

The company released an add-on for the Firefox and Chrome web browsers which customers may install and use. While one could argue that there is no need for a browser add-on if NordVPN is installed on the computer and running, there are cases where an add-on may be preferred by users.

To name a few: you may not be able to install NordVPN in restricted environments, but may be able to use the browser add-on. Using the extension gives you an option to connect to a different server, and even use some sort of double-connection to NordVPN if you are connected using the desktop program as well.

The NordVPN extension

NordVPN is compatible with Firefox 42 or later according to the extension's profile page on the Mozilla website. It is fully compatible with recent stable versions of the web browser and should install fine as well when you run Firefox ESR.

Chrome users can download and install the Chrome version of the extension for all supported versions of the browser.

The extension adds an icon to the browser's toolbar that you interact with. You need to sign in using your NordVPN username and password. Doing so can be a bit tricky if you copy and paste information, as the interface closes itself when the browser window loses focus.

You may then select one of the available server locations to connect to. The connection process works well but the interface opened with a delay when I tested the extension in the most recent Firefox and Chrome stable versions.

It took a second or two to open; now, I'm not sure if this was caused by another extension running in the browser or an app on the system, but it is definitely annoying even though you won't open the interface a lot usually.

The icon indicates the connection status, and you may configure the extension to connect to a server automatically on browser launch.

CyberSec -- disabled by default. The feature protects against many forms of advertising, malware, phishing, DDOS attacks and other unwanted threats when enabled.

I ran a series of leak tests and performance benchmarks. The extension protects the device IP address; leak tests picked up the VPN server IP address and not the actual IP address of the device.

Benchmarks returned good results for the most part; the performance of nearby servers was usually better than the performance of servers halfway across the world. Performance depends on a number of factors though including server location, the actual server, time of day, the computer's Internet connection, the responsiveness and speed of servers you connect to, and more.

Reviews on the Firefox add-ons website indicate that the add-on causes connection issues. Several users reported connectivity issues to VPN servers after some time which stopped all Internet traffic in the browser. Only a reconnection helped to regain connectivity.

I noticed this issue as well but not regularly (also in the NordVPN desktop client).

Closing Words

The NordVPN extension for Firefox and Chrome has some uses even if you connect to the VPN service using the desktop application that it provides. The extensions suffer from the connectivity issues that you may experience while you run it but it is unclear how widespread the issue really is.

The browser extensions offer similar functionality but development is not synchronous. The Chrome version's last update date is listed as February 15, 2018, the last update date for the Firefox extension is listed as March 7, 2018.

A history of Fingerprinting protection in Firefox
https://www.ghacks.net/2018/03/01/a-history-of-fingerprinting-protection-in-firefox/
Thu, 01 Mar 2018 12:57:32 +0000

Fingerprinting is a common technique used predominantly by advertising agencies and marketing companies to track people on the Internet. Mozilla introduced the preference privacy.resistFingerprinting in Firefox 41 as part of the Tor […]

These preferences are set to disabled by default usually as they may break things on the Internet.

Fingerprinting protection

Fingerprinting protection is disabled by default in Firefox as it may cause quite a few issues currently when enabled.

Firefox users may notice, for instance, that they cannot install extensions on AMO using the default method thanks to the integrated User Agent spoofing in fingerprinting protection (Mozilla AMO reads the version of the browser as Firefox 52.x regardless of the actual version of the browser).

Firefox users can enable fingerprinting protection in the following way:

Load about:config?filter=privacy.resistFingerprinting

Double-click on the preference.

A value of True means that the protection is enabled.

A value of False that it is disabled.

Fingerprinting protection started with basic protective features, but changes in recent versions of Firefox added a significant number of additional protections to the privacy feature.

The Ghacks User JS team keeps track of these changes on the project's GitHub page. You find the most important changes and the Firefox version they are implemented in below:

Mozilla maintains an incomplete list of information that is blocked or spoofed on the company's support website.

You have granted the website permission.
Your timezone is reported to be UTC
Not all fonts installed on your computer are available to webpages
The browser window prefers to be set to a specific size
Your browser reports a specific, common version number
Your keyboard layout and language is disguised
Your webcam and microphone capabilities are disguised.
The Media Statistics Web API reports misleading information
Any Site-Specific Zoom settings are not applied
The WebSpeech, Gamepad, Sensors, and Performance Web APIs are disabled

The GitHub page lists reported issues and follow-ups as well as pending changes.

Mozilla discontinues support for Firefox extension beta versions
https://www.ghacks.net/2018/03/01/mozilla-discontinues-support-for-firefox-extension-beta-versions/
Thu, 01 Mar 2018 07:31:35 +0000

Jorge Villalobos announced on the official Mozilla Add-ons blog today that Mozilla will stop supporting beta versions of extensions.

Firefox add-on developers could upload beta or development versions of their extensions to the same channel the release add-on was offered on. This gave users of the add-on options to test upcoming features and changes, and assist the developer by reporting issues.

Beta versions of extensions were listed under Version History on an add-ons page on Mozilla AMO. Firefox users interested in installing beta versions could click on the link to list available beta versions and install one of them in the browser.

Villalobos notes that the system suffered from problems that affected the user experience and the complexity of the AMO code.

From a user perspective, the main issue was that there was no option to migrate from the beta channel to the release channel through updates. This may not have been a huge problem for regularly maintained beta channels, but it could pose issues for users if a developer abandoned the beta channel.

The developer had to communicate to users that the beta was no longer maintained and that users had to install the stable version of the extension so that they would receive continued updates.

The beta versions feature added complexity to the AMO code, and general use was fairly low according to Villalobos.

Mozilla made the decision based on these reasons to discontinue support for beta versions attached to release versions of extensions. Support ends in March 2018, and developers are asked to self-host beta extensions instead.

While that may mean additional work for developers to get things set up, it enables them to take advantage of features that self-hosted extensions support but Mozilla AMO does not.

One major feature enables them to move users between channels so that it becomes less likely that users get stuck on the beta or development channel of an extension.

While it is too early to judge the impact of Mozilla's decision, add-on developers might consider creating a new add-on on AMO to host the beta version instead. The developer of uBlock Origin did that when the news broke but pulled the add-on again in the meantime and hosts it now on the official GitHub page of the project.

This solution, to separate stable and beta add-ons on AMO, is not advised as it may lead to confusion when users search for extensions and because it makes it impossible to switch users between channels.

Closing Words

The move looks at first glance like another bad decision on Mozilla's part, another feature that gets removed. I think the change is reasonable, however, though it could have been communicated better. Developers will have to spend time setting the new system up but it gives them more control over the channels.

Mozilla could have communicated the change better, something that the organization still needs to work on in my opinion.

Mozilla added a new customization option to Firefox 60 that gives an option to users of the web browser to disable the browser's Firefox Sync integration.

Firefox Sync is a data synchronization service that is integrated into the Firefox browser. Users need to sign up for a Firefox Account to use it and may then sync some data with the cloud and other connected devices.

Sync evolved over the years; it started out as an add-on for the Firefox web browser but was eventually built into Firefox to reach a larger audience by exposing the feature to all users of the browser.

Firefox Sync is the primary option to sync data such as passwords, bookmarks or the browsing history across devices. It is great for Firefox users who run the browser on multiple devices and for users who want to back up important data in the cloud.

Firefox users who don't use Firefox Sync are exposed to it in the browser, however. The main menu lists a Sync option prominently (Sign in to Sync) and the options have an entire section dedicated to synchronization. If you display the menu using the Alt-key, you find Sync listed under Tools as well there.

Disable Firefox Sync integration

Mozilla added a new preference in Firefox 60 that gives you the option to disable Sync so that it won't show up in the main menu, in the preferences, or under Tools.

Mozilla removes individual cookie management in Firefox 60 from preferences
https://www.ghacks.net/2018/02/26/mozilla-removes-individual-cookie-management-in-firefox-60/
Mon, 26 Feb 2018 06:55:04 +0000

The most recent version of Firefox Nightly, currently at version 60, comes with changes to Firefox's cookie management. Mozilla merged cookie settings with site data in the web browser which impacts how you configure and manage cookie options.

If you run Firefox 59 or earlier, you can load about:preferences#privacy to manage privacy related settings in Firefox. If you set the history to "use custom settings for history" or "remember history", you get an option to manage cookie settings and to remove individual cookies from Firefox.

A click on the link or button opens a new browser window in which all set cookies are listed. You can use it to find set cookies, look up information, remove selected or all cookies.

Update: Some commenters stated that Firefox users may still manage individual cookies in the following ways for now:

Load chrome://browser/content/preferences/cookies.xul to display the dialog.

Click on the information button in the Firefox address bar, and navigate to "right arrow" > More Information > View Cookies. Erase the site name to list all set cookies.

Use the keyboard shortcut Ctrl-Shift-I to open the Developer Tools and switch to the Storage tab (enable it under settings if it is not there). This lists only the cookies for the active site.

Check out this post on Reddit by the creator of the change to better understand why Mozilla made it.

Mozilla engineers changed this in recent versions of Firefox 60 (currently on the Nightly channel).

If you open the privacy section of about:preferences, you may notice the following:

History lists only three options. The "accept cookies from websites" option is no longer listed under History.

A new Cookies and Site Data section is available. It lists the cookie preferences that were listed under History in previous versions.

The "show cookies" link has been removed from the history. It is replaced by a combined management option that includes Site Data and cookies.

Cookie settings moved from "use custom settings for history" to a better location in the preferences. Firefox users who did not select the custom option were probably never exposed to the cookie preferences in the first place. Also, all options but one that existed previously are still there, some, however, under a different name.

There is no "show cookies" button anymore; Mozilla moved it to Settings under "Cookies and Site Data". A click on the button displays the new management interface. It looks similar to the cookie management interface of previous versions of Firefox but includes storage as well now.

The interface lists sites and the number of set cookies and used storage, as well as the time the site was accessed the last time in the browser.

While the new interface looks great, you may notice that it is no longer possible to list or remove individual cookies from Firefox using it.

As per our UI concept in bug 1421690 and (finally) following the spec guidelines (https://www.w3.org/TR/webstorage/#privacy) we'd like to merge the cookies settings into the "Site Data" section and move them to top-level.

This also means removing individual cookie management from about:preferences.

This is bad for users who want full control over cookies. While it is possible that Mozilla will implement the removed functionality before Firefox 60 hits the stable channel, Firefox users may use extensions to restore the functionality. Check out our updated Firefox cookies management guide for a list of extensions that support Firefox 57 and newer, and Firefox 56.x and older.

Block YouTube Channels, Videos and comments with Video Blocker
https://www.ghacks.net/2018/02/25/block-youtube-channels-videos-and-comments-with-video-blocker/
Sun, 25 Feb 2018 18:07:22 +0000

YouTube is an excellent resource for video content, but it is also plagued by spam, trolls, and lots of video content that you dislike. The trending and recommended video sections on the YouTube homepage, and the suggestions that YouTube lists in the sidebar on video pages may contain content that you would never watch.

We talked about Video Blocker before here on Ghacks. We reviewed the Video Blocker extension for Chrome back in 2014 and found it to be an effective weapon against videos on YouTube that you don't want to see or be exposed to.

YouTube Video Blocker for Firefox

The Firefox add-on Video Blocker by the same author was updated yesterday. It pretty much does what the Chrome extension does but since the last review dates back more than three years already, I figured it would be interesting to publish a review of the Firefox add-on as well.

The developer of the extension suggests using the new YouTube layout with the extension as the extension is less reliable if the old design is used.

The extension adds an icon to Firefox's toolbar on installation which you interact with. It does not add icons or buttons to the YouTube page unlike other extensions for YouTube. The decision means that it is a bit less comfortable to use.

A click on the Video Blocker icon opens its interface. You may use it to add new channels, keywords or wildcards to the blocklist.

Channels -- Enter an exact channel name to block it on YouTube. The channel won't be displayed anymore in trending, recommendations and other sections on YouTube.

Wildcard -- This blocks channels as well but does not require the exact channel name. All channels that match the keyword you enter will be blocked.

Keywords -- This blocks individual videos and comments that match the entered keyword.

So, to block a channel, you'd select channels or wildcards from the menu, type the full or partial channel name in the text field, and select add to add the new rule to the blocklist. To block specific video titles, e.g., prank, football, star wars, spoiler, let's play, you'd type the name, select keyword and hit the add button.

You manage the blocklist in the options. You find all blocked channels, wildcards and keywords listed there, a search to find items quickly if you have many, and an option to delete an item from the blocklist.

You may add items in the options as well which may be quicker than using the frontend for that. Also, there is an option to export the list and import it so that you may use it on multiple devices without having to create it from scratch each time.

The blocking worked well for the most part. I tried it in the newest Firefox Stable release, and the extension would block videos or channels from being shown on YouTube's front page. It did not block videos or channels in search, however. A search for a blocked channel would still display it and its videos.

Closing Words

Video Blocker is a handy extension for Firefox and Google Chrome, and compatible browsers, that blocks YouTube channels, videos based on titles, and comments based on keywords on the site. While the blocking is not perfect, it still works considerably well most of the time.

Mozilla plans to launch a new feature in Firefox 60 that upgrades optionally-blockable mixed content on HTTPS sites to HTTPS if possible.

The migration to an HTTPS powered World Wide Web is in full swing. One of the byproducts of the migration is that some sites may load HTTPS and HTTP content. This is called Mixed Content and it is undesirable as it reduces security and privacy if loaded.

Mixed Content is divided into blockable and optionally-blockable content. Modern web browsers block any content that may interfere with the display of data on HTTPS web pages if it is loaded using HTTP.

Think of a script that is loaded from an HTTP resource on an HTTPS site. Browsers, on the other hand, usually don't block optionally-blockable content. This is static content such as images or videos that can't interfere with the web page or data directly.

Firefox displays a different lock symbol on sites with mixed content that is optionally blockable. The browser displays a green lock symbol on HTTPS sites without mixed content.

While optionally-blockable mixed content is less dangerous than blockable mixed content, it is still problematic from a privacy point of view.

HTTPS upgrade for Mixed Content in Firefox

Mozilla Firefox 60 includes a feature that changes the browser's behavior when it comes to mixed content that is optionally blockable.

Firefox attempts to load mixed content that is optionally blockable from HTTPS domains instead of the referenced HTTP domains. If the resource cannot be loaded, it is not displayed at all. This can lead to image, video or audio content not being shown correctly in the browser because of the change.

The limitation is likely the main reason why Mozilla won't activate the feature by default in Firefox 60.
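An added example (not from the article or from Mozilla): a small Python audit that a site operator could run over a page's HTML to list HTTP subresources, split them into blockable and optionally-blockable as described above, and show the HTTPS URL an upgrade would try for the latter. The element table, the names `audit` and `Finding`, and the sample markup are assumptions made for this illustration.

```python
from collections import namedtuple
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urlunsplit

Finding = namedtuple("Finding", "tag url category upgrade_url")

OPTIONAL = "optionally-blockable"
BLOCKABLE = "blockable"

# Simplified element table (an assumption of this example): passive media is
# optionally-blockable, content that can script or restyle the page is blockable.
RULES = {
    ("img", "src"): OPTIONAL,
    ("audio", "src"): OPTIONAL,
    ("video", "src"): OPTIONAL,
    ("script", "src"): BLOCKABLE,
    ("iframe", "src"): BLOCKABLE,
    ("embed", "src"): BLOCKABLE,
    ("object", "data"): BLOCKABLE,
}


class MixedContentAudit(HTMLParser):
    """Collect HTTP subresources referenced by a page served over HTTPS."""

    def __init__(self, page_url):
        super().__init__()
        if urlsplit(page_url).scheme != "https":
            raise ValueError("mixed content only applies to pages served over HTTPS")
        self.page_url = page_url
        self.media_depth = 0  # > 0 while inside <audio> or <video>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("audio", "video"):
            self.media_depth += 1
        if tag == "link":
            rel = (attrs.get("rel") or "").lower().split()
            if "stylesheet" in rel:
                self._record(tag, attrs.get("href"), BLOCKABLE)
        elif tag == "source":
            # Only <source> children of audio/video are treated as media here.
            if self.media_depth:
                self._record(tag, attrs.get("src"), OPTIONAL)
        else:
            for (rule_tag, attr), category in RULES.items():
                if rule_tag == tag:
                    self._record(tag, attrs.get(attr), category)

    def handle_endtag(self, tag):
        if tag in ("audio", "video") and self.media_depth:
            self.media_depth -= 1

    def _record(self, tag, raw_url, category):
        if not raw_url:
            return
        # Relative and protocol-relative URLs inherit https from the page,
        # so only references that resolve to http:// are mixed content.
        parts = urlsplit(urljoin(self.page_url, raw_url.strip()))
        if parts.scheme != "http":
            return
        upgrade = None
        if category == OPTIONAL:
            # The URL an HTTPS upgrade would request instead; if the host does
            # not serve it over HTTPS, the resource is simply not displayed.
            upgrade = urlunsplit(parts._replace(scheme="https"))
        self.findings.append(Finding(tag, urlunsplit(parts), category, upgrade))


def audit(page_url, html):
    """Return the list of mixed-content findings for one HTML document."""
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample input, not taken from any real site.
SAMPLE_PAGE = "https://www.example.com/article"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://static.example.com/site.css">
<script src="http://cdn.example.net/lib.js"></script>
<script src="/js/app.js"></script>
</head><body>
<img src="http://images.example.org/banner.png">
<img src="//images.example.org/logo.png">
<video controls><source src="http://media.example.org/clip.webm"></video>
<a href="http://example.com/old-page">plain links are navigation, not mixed content</a>
</body></html>
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_PAGE, SAMPLE_HTML):
        print(f"{f.category:21} <{f.tag}> {f.url} -> {f.upgrade_url or 'blocked'}")
```

Each `upgrade_url` in the output is a candidate to verify on the serving host before the upgrade behavior is switched on, since a failed HTTPS load means the image or video disappears from the page.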

The feature won't be enabled by default in Firefox 60 but users can set it to enabled in the following way:

Search across all Firefox tabs with Search Multi Tabs
https://www.ghacks.net/2018/02/23/search-across-all-firefox-tabs-with-search-multi-tabs/
Fri, 23 Feb 2018 10:49:30 +0000

Search Multi Tabs is a new extension for the Firefox web browser that enables you to search across all open Firefox tabs at once.

Veteran Firefox users may remember extensions such as Tabby2 from 2011, Findbar Tweak from 2013 or Hugo Search All Tabs from 2013 which offered the same functionality. All of these extensions are not compatible with Firefox 57 anymore as Mozilla removed support for the classic add-on system in that release.

Search Multi Tabs

Search Multi Tabs is the first WebExtensions-based extension for Firefox that supports searching across all open Firefox tabs.

The extension adds a new sidebar to Firefox when you install it. It opens automatically after installation but no shortcut key is mapped to it. You may use the extension's icon to open the search interface. Use the View menu of the menubar (press the Alt-key to display it), or an existing shortcut such as Ctrl-B, to open the sidebar alternatively.

Search works as you'd expect it to. Enter a search term and hit the search button to get started. Search Multi Tabs searches all open tabs and displays the hits in its interface.

It displays the favicon and title of the page, and buttons that you may use to interact with it. Use the buttons to reload a tab, close it, duplicate it or to erase the list. Buttons are provided to go to the first tab or to open a blank tab.

Hits on the page are listed below each entry which you may click on to jump to that position directly.

A click on details displays search parameters that you may modify. The extension searches the body by default, and you may enable "highlight", "entire word" and "case sensitive" parameters for that search type.

You may switch to "title or URL only", and also include private browsing tabs in the search.

The extension searches loaded pages only. If Firefox is configured to lazy load tabs, only those that are loaded will be searched.

Closing Words

Search Multi Tabs is a useful extension for the Firefox web browser to run searches across all open tabs in the Firefox web browser. Firefox users who open lots of tabs in the browser may find it more useful than users who run one or only a handful of tabs at a time.

Bitdefender TrafficLight for Firefox version 2.0 released
https://www.ghacks.net/2018/02/22/bitdefender-trafficlight-for-firefox-2-0-released/
Thu, 22 Feb 2018 19:41:08 +0000

Security company Bitdefender has released Bitdefender TrafficLight for Firefox 2.0, a security extension for Mozilla's Firefox web browser today.

The new version of Bitdefender TrafficLight for Firefox is the first version that is based on the WebExtensions system.

It introduces new functionality such as whitelist functionality and a system and design update among other new features.

Bitdefender TrafficLight

Bitdefender TrafficLight for Firefox is a standalone browser extension; a running Bitdefender security solution is not required to use the program.

The main feature of the browser extension is to inform you about the detected security level of web pages that you open in the browser.

This works similarly to how other security extensions handle it; whenever you load a site in Firefox, Bitdefender TrafficLight checks with Bitdefender to find out whether the page is flagged.

The extension displays a green icon for safe pages and a red icon for potentially malicious or risky pages. The extension checks each page for malware, phishing or fraud flags and reports its findings to you on page load.

Bitdefender TrafficLight displays its safety icons on supported search engines as well. It works on some search sites only; while you get the icons on Google Search, Yahoo Search, DuckDuckGo and Bing, you don't get them on Startpage, Yandex, or Baidu.

The extension adds the icon in front of the page title in the results. One issue that you may have with that is that this makes identification difficult on some search engines. DuckDuckGo, for instance, displays icons of the site as well which may lead to confusion and mistakes.

The third and final reporting feature that Bitdefender TrafficLight for Firefox supports is the extension's tracker detection feature. The extension detects loaded trackers and lists them in its interface.

The tracker feature is limited to the detection of trackers; functionality to block some or all trackers is not available.

The extension's settings page lists options to turn off any of the core features of the security extension. It does not make much sense to disable all three but you may use it to disable redundant functionality or features that you don't require. The Tracker Detector is probably the feature that is turned off the most considering that it is not overly useful (other than to reveal how many trackers a site uses).

You may add sites to the whitelist. Bitdefender TrafficLight won't check sites that you add to the whitelist.

Closing Words

Bitdefender TrafficLight for Firefox offers security readings for sites that you visit and sites listed by supported search engines. The extension is an informational tool only; it does not block you from visiting flagged sites.

The extension does display an intermediary page when you visit a flagged site. You can still proceed or whitelist the URL in question.

The newest version of the extension worked well during tests. The checking of individual visited pages and search results did not slow down the rendering of these pages noticeably. Some users reported higher CPU use after installing the extension on some sites but I did not experience any of that.

Dark Reader dark theme extension for Firefox
https://www.ghacks.net/2018/02/21/dark-reader-dark-theme-extension-for-firefox/
Wed, 21 Feb 2018 06:15:12 +0000

Dark Reader is a popular browser extension for Google Chrome which its developer, Alexander Shutov, released for Mozilla Firefox recently.

The basic idea of the extension is to turn any website design to a dark theme design for better readability especially at night when too bright sites become harder to look at.

Dark themes are quite popular and users who want to use them on sites have multiple options. Common options include installing extensions or userstyles for the purpose.

Dark Reader is an open source extension that is available for Chrome and now also for Firefox.

Dark Reader

Dark Reader changes the color scheme of any site you visit to a dark one by default. It adds an icon to Firefox's toolbar which you can activate to interact with the extension.

You can toggle the functionality on the active site or disable the extension's functionality there.

The extension supports two main modes: the first changes the theme of any site automatically to a dark one while the second does not. It switches to a dark theme only for selected sites that you have whitelisted in the program options.

Dark Reader comes with the handy shortcut Alt-Shift-A to add sites to that list. This shortcut does not work properly in Firefox however as the Alt-key is mapped to the menu bar. So, instead of adding a site to the Dark Reader listing, you open the Firefox menu bar instead.

Considering that this is the first version for Firefox, it is probably only a matter of time before this gets fixed.

Dark Reader displays some customization options when you activate the menu. You can switch between dark and light mode, and can change brightness, contrast, grayscale and sepia values individually.

A switch to the font menu displays options to change the font type but not other font related values such as size.

The final tab, sites list, lists all sites that you added to the extension. There you may also switch from "apply the dark theme to all sites" to "apply it only to sites that I have added".

The dark layer that the extension applies to sites works fine on most sites you visit. If a site needs work in particular, you can either disable it so that it won't get the dark theme treatment, or report the issue to the developer in hope that he will address the issue in future versions.

Obviously, you could also install a userscript or userstyle for particular sites and use these in combination with Dark Reader.

Closing Words

Dark Reader is a powerful extension that brings a dark mode to any site you visit in Firefox and Chrome. It features the right level of control with its ignore or whitelist only approach to things.

Firefox 60 with new preference to disable FTP
https://www.ghacks.net/2018/02/20/firefox-60-with-new-preference-to-disable-ftp/
Tue, 20 Feb 2018 08:15:50 +0000

Mozilla plans to release Firefox 60 with a new preference to disable support for the FTP protocol. The preference is disabled by default so that FTP sites can still be accessed in Firefox 60.

FTP, just like HTTP, is on its way out. Browser makers, site operators and hosting companies move to newer protocols that support encryption among other things to better protect user data against spying and manipulation.

FTPS, also known as FTP Secure, or FTP over SSL, is an extension to the FTP protocol. While most browsers support the FTP protocol, the same cannot be said for FTPS support.

Mozilla, for instance, never implemented the functionality officially in Firefox. In fact, the organization put the FTP protocol on life support more than 2 years ago when it began to resolve security issues exclusively.

Mozilla employee Patrick McManus highlighted as much two years ago on Mozilla's official bug tracking site.

We are in a period where ftp is clearly deprecated and in general, making changes to the code is riskier than letting it ride unless there is a patch and reviewer available to make a good judgment about it. So I'm going to wontfix ftp bugs related to enhancements, interop errors, etc.. We will be better off putting our energy into including a different js based ftp stack.

While Mozilla has not set a date for the removal of the protocol yet, it is a given that Firefox will stop supporting the protocol at one point in time.

The first step towards the goal is the introduction of a new Firefox preference to disable the FTP protocol in the browser. The preference network.ftp.enabled is set to true which means that it has no effect on protocol support at this point in time. Firefox users and administrators who want to disable FTP can do so by setting it to false.

Make sure you run Firefox 60 or newer.

Load about:config?filter=network.ftp.enabled in the Firefox address bar.

Double-click on the preference to set it to false. This disables the FTP protocol in Firefox.

You can reset the preference at any time by double-clicking on it or right-clicking on it and selecting "reset" in the context menu.

Firefox redirects any attempt to load a FTP resource to the default search engine if the FTP protocol is disabled.

Closing Words

I'm worried about sites that do get left behind once browser makers decide to block HTTP or FTP. Not all sites or servers will be migrated, abandoned sites may not for instance, and it is unclear to me whether there will still be options to access these resources in future versions of the browsers.

Granted, it will take years before Mozilla, Firefox or Microsoft pull the plug but as it stands now, that day will come.

Active uBlock Origin Beta users on Firefox may wonder why the development build version was released as a new add-on and not on the beta channel of the primary uBlock Origin add-on listing.

Update: The extension is no longer available on AMO. It is now self-hosted and can be downloaded from the project's GitHub page.

From now on, the beta version will be signed and self-hosted here. If I did everything right, it should auto-update itself. You only need to click on the beta version file, uBlock0.webext.signed.xpi above. The stable version and the beta version auto-update independently of each other. If you still have 1.15.11b0, I believe you will have to manually install 1.15.11b1 from here for auto update to be enabled. Afterward, the beta version will auto-update itself when a new beta version becomes available.

uBlock Origin Development Add-on for Firefox

The decision means that developers cannot publish release and beta versions of add-ons using a single add-on listing anymore. Developers who maintain development and release channels of their extensions for Firefox need to create multiple add-on listings now to continue that practice.

Existing beta version users of uBlock Origin will be moved to the latest release version of the extension automatically once the stable version reaches a version that is greater than that of the beta version.

As per email, those using the beta version of uBO will be automatically moved to the latest release version of uBO when the release version becomes greater than the last version available in the beta channel.

Firefox users who want to use the development build version of uBlock Origin need to install uBlock Origin Dev Build, a new add-on, to do so. This version works just like the old beta version but is maintained now on a separate channel.

Since the extension is not linked in any way to the stable version (or vice versa), all settings and subscriptions will be set to default upon installation. Users who want to retain the settings need to use the extension's settings backup and restore functionality to address the limitation.

Here is how that is done:

Load about:addons in the Firefox address bar.

Activate the uBlock Origin options.

Select the "back up to file" option under Settings, and save the text document to the local system.

Remove the stable version of uBlock Origin from Firefox.

Install the development version of uBlock Origin instead.

Select "restore from file" in the uBlock Origin settings, and then the previously saved text file to import the settings again.

Closing Words

We don't know how many add-ons are affected by the change but it will change things around quite a bit: Mozilla AMO will list multiple versions of the add-on now instead of just one, users who run beta editions need to switch to development builds (if offered) to continue using these, and the separate listing of development add-ons may lead to the installation of these add-ons by users who wanted to install the stable version.

Mozilla Firefox 60 and newer versions of the web browser support two new browser preferences that highlight HTTP websites as "not secure" in the browser's address bar.

HTTPS is pushed throughout the Web and many sites and services migrated to HTTPS already. Browser makers like Google or Mozilla prepare to mark HTTP sites and services as not secure which will give HTTPS adoption another push as sites may lose users if they are marked as not secure.

Let's Encrypt Data

Let's Encrypt data, which uses Firefox Telemetry data to get a read on pageloads over HTTP and HTTPS, saw global HTTPS connections at about 70% yesterday and US traffic at 78.6% already.

Closing Words

HTTPS adoption will improve in 2018, and one reason for that is that browser makers will mark HTTP pages as "not secure". Webmasters who don't want their sites to show up as insecure need to migrate to HTTPS. Considering that it takes some preparation to do so, especially for sites with more than a few dozen pages, it seems like a very good idea to start the migration asap if it has not started already.

3P Request Blocker blocks all third-party requests in Firefox

https://www.ghacks.net/2018/02/09/3p-request-blocker-blocks-all-third-party-requests-in-firefox/
Fri, 09 Feb 2018 10:40:48 +0000

3P Request Blocker is a new add-on for the Firefox web browser designed to block all third-party requests by default in the browser.

The description sounds a lot like NoScript, and while the core functionality is the same, both extensions offer features that the other does not provide.

Third-party requests are all requests that a site makes that load content from third-party domains. The connection can be a subdomain of the domain or an unrelated domain name.

While some third-party requests are required for a site's functionality, think of content being loaded from a content delivery network, other requests are used to display advertisement, social media buttons, tracking scripts, or other often undesirable content.

3P Request Blocker for Firefox

3P Request Blocker adds an icon to the Firefox main toolbar that you interact with to control the loading of third-party resources on the active website you are on.

A click on the icon displays all third-party connections the page tried to make. Any connection that is not checked there has been blocked. You can allow connections by checking the sites and clicking on the apply button afterward.

Sites that you allow are added to the extension's whitelist by default. You can enable the setting of temporary permissions in the preferences which switches the checkbox layout to a radio button layout with block, allow and temp buttons for each site listed by the extension.

3P Request Blocker offers extensive options which you access with a click on the i-icon or from Firefox's about:addons page.

Block tracking/ads, Internet IP address and tracking/ads patterns automatically and don't show them on the menu.

The filter menu lists several interesting options which improve security while you browse the Internet.

Closing Words

3P Request Blocker is a powerful new content blocker for Firefox that users of RequestPolicy or Policeman may want to consider switching to as the extensions are no longer compatible with stable versions of Firefox.

The extension is compatible with other content blockers, e.g. uBlock Origin or AdBlock Plus.

Now You: Which security extensions do you use, and why? (thanks Robert)

Here is what is new and changed in Firefox 58.0.2

https://www.ghacks.net/2018/02/07/here-is-what-is-new-and-changed-in-firefox-58-0-2/
Wed, 07 Feb 2018 19:00:41 +0000

Mozilla plans to release Firefox 58.0.2 to the stable channel in the next 24-hour period. The new version of the browser fixes two crash issues, a signature issue on Mac OS X devices, and issues on Microsoft's Hotmail and Outlook web mail service.

The new version of Firefox updates the release channel of the web browser. It is the second minor update following the release of Firefox 58.0 which was released on January 22, 2018.

Firefox 58.0.1 patched a critical security issue in version 58.0 and a blank page load issue on Windows for certain security configurations.

Firefox users can run a manual check for updates in the browser with a click on Menu > Help > About Firefox. Firefox should pick up the release (as soon as it is released officially), and download and install the update automatically on the system.

Firefox's upcoming bookmark sync improvements address long-standing issues

https://www.ghacks.net/2018/02/05/firefoxs-upcoming-bookmark-sync-improvements-address-long-standing-issues/
Mon, 05 Feb 2018 19:03:00 +0000

Mozilla introduced Sync functionality in Firefox a long time ago. Sync came in the form of the add-on Mozilla Weave first but was integrated into the Firefox web browser later on to […]

Mozilla changed how Sync works in Firefox with the release of Firefox 29 by switching over to a new account system that allowed authentication using an email address and password opposed to keys that the previous version of Sync required.

While the current version of Sync in Firefox works reliably, for the most part, some data sets proved to be more error-prone than others in the past.

Firefox users who sync bookmarks may notice a number of issues associated with that.

Firefox bookmark syncing issues

An upcoming update to bookmark syncing in Firefox addresses the following issues that may occur when syncing bookmarks using Firefox Sync:

Partial downloads -- The current Sync in Firefox applies records to the database one at a time. Interruption, for instance by the dropping of the Internet connection, could lead to issues such as items showing up in the wrong folder or out of order.

Changes made during sync operations -- Changes that are made during a sync operation won't be included until the next sync run as bookmark syncing pulls changes once on start and not during the run.

Out-of-order downloads -- Bookmark children may be uploaded or downloaded before their parents, which may lead to all kinds of issues, for instance that bookmarks get stuck in the "other bookmarks" folder as it is used by Firefox Sync as a temporary storage during the sync process.

Deduping -- Sync flattens the "local tree into a map of bookmark attributes" and uses it to detect and ignore bookmarks with similar attributes but different IDs. This map is not updated when bookmarks are changed during a sync, and it does not differentiate between local and server records.

Mozilla's solution

Changes to bookmark syncing address the issues listed above. The solution uses a mirror copy that matches the server so that data is not added to the database directly anymore.

Mozilla notes:

Structured application helps mitigate corruption caused by changes made during a sync, partial downloads, and out-of-order downloads. Instead of inserting downloaded bookmarks directly into the database, we store them in a “mirror” that matches the server.

We then walk the local tree and the mirrored remote tree, produce a new merged tree, and update the local tree to match the merged tree. Finally, we stage locally changed records in an outgoing buffer, upload the records, and update the mirror again to reflect what we just uploaded.

You can follow the bug on Bugzilla, or this bug which tracks when the feature is enabled by default in Firefox.

You can set the preference services.sync.engine.bookmarks.buffer to true to enable the functionality right now. I suggest you back up your bookmarks regularly if you do as this is still a work in progress at this point in time.

Closing Words

If you experienced issues with bookmark syncing in Firefox, especially issues such as bookmarks syncing not working reliably, bookmarks landing in the wrong folders or out-of-sync issues with bookmarks on different systems, you can expect that things will be better once the update lands.

Tab Mix Plus WebExtension Development Build is out

https://www.ghacks.net/2018/02/04/tab-mix-plus-webextension-development-build-is-out/
Sun, 04 Feb 2018 12:31:29 +0000

The author of the popular Firefox add-on Tab Mix Plus released the first version of the upcoming WebExtensions-based version of Tab Mix Plus yesterday.

The extension is available under a new URL on the Mozilla Add-ons Store to separate the classic add-on from the new.

The extension is a complete rewrite of the legacy add-on using the new WebExtensions system that Firefox supports. Mozilla dropped support for the classic add-on system in Firefox 57 Stable.

Tab Mix Plus WebExtension first look

The only functionality that the first development build of the Tab Mix Plus WebExtension offers is the Links functionality. You can use it to control links and link opening behavior only.

It is required to modify several preferences on about:config for much of the functionality provided as WebExtensions cannot modify existing Firefox preferences anymore.

The options of the extension list five Firefox preferences that users are asked to modify to unlock all available options.

Once done, the following options are provided:

Open links that open in a new window in: new tab, new window, current tab.

Use separate preference for links from other applications.

JavaScript and Popup restrictions: allows resize popups, open all popups in tabs, allow all popups.

Open tabs with middle-clicks.

Start downloads with Alt-Click.

Prevent blank tabs when downloading files.

Force to open in new tab: all links, links to other sites.

Open links with a target attribute in current tab.

Open links with target to existing frame in the current tab.

Single window mode is not implemented yet. The WebExtension lacks support for events, sessions, mouse, display and menu functionality.

Closing Words

The release is an early development build and users of Tab Mix Plus should not get their hopes up just yet as it lacks pretty much all the functionality of the legacy add-on.

The author of Tab Mix Plus is held back by missing WebExtensions APIs. Many features of the legacy version of Tab Mix Plus are simply not supported by WebExtension APIs.

While some APIs exist already, others are still in development or not decided upon yet at all by Mozilla. Users of Tab Mix Plus are asked to vote for bugs on Mozilla's Bugzilla bug tracking website.

Still, the release of the WebExtensions-based version of Tab Mix Plus is a sign of life. While it is uncertain whether the WebExtensions version of Tab Mix Plus will support all the functionality of the legacy add-on, it appears that the developer of the extension will release a stable WebExtensions version eventually.

Now You: Do you think that a near feature complete WebExtension-based version of Tab Mix Plus will be released in the future?

Mozilla plans to strip path information from the referer when visiting third-party sites starting in Firefox 59 Stable. The new feature applies to the browser's private browsing mode only.

Web browsers provide sites with information when connections are initiated. Part of this is the referer value which holds the path of the referring site.

When you click on a link, the URL the link was clicked on is sent as the referrer by default. The data reveals information to sites. While that is usually limited to the full URL a user came from, it sometimes may include critical information that users may not want to be shared with other sites.

Referer Path Stripping in Private Browsing

The Electronic Frontier Foundation discovered in 2015 that the site healthcare.gov was sending personal data to third-party sites through the referer.

The string revealed the user's age, zip code and state, income, and that she was pregnant and a smoker to linked third-party sites. While this may not be enough on its own to identify a user, one has to consider that sites may access a user's IP address and other information as well, and that is before taking scripts and other means of finding out more about site visitors into account.

Mozilla Firefox 59 will remove path information from the referer in Private Browsing mode when links lead to third-party websites.

Starting with Firefox 59, Private Browsing will remove path information from referrer values sent to third parties (i.e. technically, setting a Referrer Policy of strict-origin-when-cross-origin).

The healthcare.gov link above would be stripped to https://www.healthcare.gov/ so that third-party sites see only the referring domain but not the actual page or other information that may be part of URLs.

The stripping happens only in private browsing mode. Firefox users can start the special browsing mode with a click on Menu and the selection of New Private Window, or by using the shortcut Ctrl-Shift-P.

Add-ons provided Firefox users with options to strip or delete referer values for a long time. Users who prefer to have referring information stripped in regular browsing mode as well may check out extensions such as Smart Referer which does that.

Firefox users may also change the preference network.http.referer.userControlPolicy to the value 2 which means strict-origin-when-cross-origin. Check out the Ghacks user.js file on GitHub for additional information on that and related preferences.

The main advantage of using an extension or changing the value of the preference in Firefox's preferences is that Firefox will strip the data in regular browsing mode as well.
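The effect of strict-origin-when-cross-origin compared with the other standard Referrer Policy values, as an added example (not code from the article or from Firefox): computeReferer is a hypothetical helper, all URLs are constructed sample values, and "downgrade" is simplified to mean HTTPS to non-HTTPS.

```javascript
// Added example: what a third party receives in the Referer header under
// each Referrer Policy. The article states that preference value 2 of
// network.http.referer.userControlPolicy selects strict-origin-when-cross-origin.

// Constructed sample URLs (not taken from any real site).
const SOURCE = 'https://insurance.example/quote?age=34&zip=90210&smoker=1#plans';
const THIRD_PARTY = 'https://tracker.example/pixel.gif';
const SAME_ORIGIN = 'https://insurance.example/checkout';
const DOWNGRADE = 'http://tracker.example/pixel.gif';

// A Referer never carries credentials or the fragment; with originOnly the
// path and query string are dropped as well.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  if (originOnly) return u.origin + '/';
  u.username = '';
  u.password = '';
  u.hash = '';
  return u.href;
}

// Simplification (assumption): only HTTPS -> non-HTTPS counts as a downgrade.
function isDowngrade(from, to) {
  return from.protocol === 'https:' && to.protocol !== 'https:';
}

// Returns the Referer header value, or null when no header is sent.
function computeReferer(policy, sourceUrl, targetUrl) {
  const from = new URL(sourceUrl);
  const to = new URL(targetUrl);
  const sameOrigin = from.origin === to.origin;
  const downgrade = isDowngrade(from, to);
  const full = stripForReferrer(sourceUrl, false);
  const origin = stripForReferrer(sourceUrl, true);

  switch (policy) {
    case 'no-referrer':
      return null;
    case 'no-referrer-when-downgrade':
      return downgrade ? null : full;
    case 'same-origin':
      return sameOrigin ? full : null;
    case 'origin':
      return origin;
    case 'strict-origin':
      return downgrade ? null : origin;
    case 'origin-when-cross-origin':
      return sameOrigin ? full : origin;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? null : origin;
    case 'unsafe-url':
      return full;
    default:
      throw new Error('unknown referrer policy: ' + policy);
  }
}

// Side-by-side view of what each policy discloses for one source page.
function compareReferers(policies, sourceUrl, targets) {
  const rows = [];
  for (const policy of policies) {
    for (const [label, target] of Object.entries(targets)) {
      rows.push({ policy, request: label, referer: computeReferer(policy, sourceUrl, target) });
    }
  }
  return rows;
}

const rows = compareReferers(
  ['no-referrer-when-downgrade', 'strict-origin-when-cross-origin'],
  SOURCE,
  { 'same-origin': SAME_ORIGIN, 'third-party': THIRD_PARTY, 'downgrade': DOWNGRADE }
);
for (const r of rows) {
  console.log(`${r.policy} | ${r.request} | ${r.referer === null ? '(none)' : r.referer}`);
}
```

Under no-referrer-when-downgrade the third party still receives the full query string; under strict-origin-when-cross-origin it receives only the origin, while same-origin requests keep the full URL.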

Mozilla creates Shield study rules to avoid another Mr.Robot disaster

https://www.ghacks.net/2018/01/31/mozilla-creates-shield-study-rules-to-avoid-another-mr-robot-disaster/
Wed, 31 Jan 2018 15:31:38 +0000

Mozilla created a set of guiding principles for Shield studies after it launched an analysis of the Looking Glass Shield study which went wrong on several levels.

Looking Glass was released as a system add-on to Firefox which meant that users saw the add-on appear in the browser's add-on manager without them initiating the installation.

This appearance out of thin air was arguably the biggest complaint that users had and something that got them alarmed because it shared the characteristics of malware. The fact that the initial description and add-on name did not reveal anything about the add-on's purpose added to the confusion as well.

The description of the add-on read "MY REALITY IS JUST DIFFERENT THAN YOURS" and "PUG Experience Group" was listed as the creator. Nothing linked the add-on to Mozilla in Firefox's add-on manager.

Mozilla announced shortly after the study blew up in the company's face that it had pulled the study, uploaded the add-on to Mozilla's Add-on repository, and started an investigation to "better understand how and why this happened", and how the company "could do better" in the future.

Shield studies are used to A-B test things in the Firefox web browser. The studies are used to test small and big changes to Firefox, from simple icon or color changes to new features, to find out whether the majority of users that have been selected for the study like the changes, or not.

Studies help Mozilla make better decisions in regards to future changes and features in the Firefox browser.

This platform helps us make decisions on new product features, evaluate whether or not a technology update is stable, and generally helps us make sure that we can make good decisions in a responsible way.

Looking Glass did pass the privacy review as it did not collect any data. The fact that it did not should have been a red flag, as it is impossible to evaluate a feature without collecting a bare minimum of data.

Mozilla created a set of principles for Shield studies so that something like Looking Glass won't happen again.

All Shield studies must answer specific questions.

Shield studies will always respect user privacy.

All Shield studies adhere to the "scientific method for answering complex questions".

All Shield studies require a Product Hypothesis Doc which outlines the research question the study is trying to answer.

All Shield studies must be named accurately.

Looking Glass would fail in all but the second.

Closing Words

It is definitely a good thing that Mozilla created a set of guiding principles for Shield Studies. I would have preferred if the organization revealed a bit more about Looking Glass itself: was Mozilla paid for the promotion, and how did nobody object to the study by pointing out the rather obvious issues it had?

Mozilla will release Firefox 58.0.1 in the coming 24-hour period to address a critical issue on Windows machines that causes page load failures in the browser and a critical security issue.

The update is not out yet at the time of writing but it will soon be released via the web browser's automatic update functionality. You can run manual checks for updates in Firefox by clicking on the menu icon and selecting Help > About Firefox from the menu that opens.

Users who prefer to download new versions instead can do so on the Mozilla website after the release as well.

Mozilla Firefox 58.0.1

The preliminary release notes list one issue as fixed in Firefox 58.0.1.

Bug 1433065, Firefox 58 is not loading any pages (including about: pages), is the main tracking bug for the issue. The user who opened the bug on Bugzilla describes the issue as Firefox not loading any web pages, including local ones, and showing a white background instead.

Mozilla study analyzed privacy improving features

https://www.ghacks.net/2018/01/27/mozilla-study-analyzed-privacy-improving-features/
Sat, 27 Jan 2018 13:09:06 +0000

"Can we improve privacy without breaking the Web", that was the question that Mozilla tried to find answers for in a recent study. The organization ran an opt-in study to learn how privacy protections "affect users on websites".

Mozilla wanted to know whether the enabling of Tracking Protection breaks websites, if some privacy protections caused lower breakage than others, and if broken websites made users leave Firefox.

Mozilla Privacy Study

More than 19000 Firefox users joined the study and Mozilla assigned each user to a specific branch. Eight branches changed certain privacy-related settings in the Firefox browser and the ninth was the control group.

The study added a new button to Firefox's toolbar that users could interact with to report issues.

One rather interesting outcome of the study was that users of the Tracking Protection branch reported fewer issues than the control group. The control group reported an average of 0.24 problems per user while users of the Tracking Protection group reported 0.23 problems. All other branches had a higher ratio of reported issues per user. Third-Party Cookies limited to visited came in last with 0.28 average issues per user of the group, followed by users of the First-Party Isolation group with 0.27 average issues.

Mozilla concluded that Tracking Protection's benefit, that is the blocking of some third-party connections and thus scripts on sites, outweighs the breakage that the enabling of the feature may cause.

The most promising preferences that improve privacy based on the composite breakage score of the study are Tracking Protection, Origin Only Referer to Third-Parties and session-only Third-Party Cookies.

Origin Only Referer to Third-Parties:

Reduces detail sent to trackers

Very few login failures

Very little mail breakage

Does not block ads

Referers are used to guarantee ad policies

Tracking Protection

Blocks known trackers completely

Speed boost

Very little mail breakage

Triggers adblocker-blocker walls

Blocks ads

Session-only Third-Party Cookies

Limits duration of tracking

Very little mail breakage

Some login and "unexpected signout" failures

Does not block ads

Mozilla launched Tracking Protection for regular browsing sessions for all users in Firefox 57. The organization plans to trim Referer values to origins in private browsing in Firefox 59.

Closing Words

Third-party scripts are a main source for issues that users experience on the Internet. The study showed that users report fewer problems when a chunk of these are blocked by the browser. A comparison to full content blocking in Firefox would have been useful as well.

Now You: Do you use privacy protections in your browser of choice? What do you do if you encounter issues?

Firefox Temporary Containers extension

https://www.ghacks.net/2018/01/25/firefox-temporary-containers-extension/
Thu, 25 Jan 2018 20:26:31 +0000

Temporary Containers is a WebExtensions add-on for the Firefox web browser that you may use to open sites automatically or manually in containers that get removed when the last open tab of the container gets closed.

A container separates content in the web browser. The feature is not as powerful as using different browsing profiles, but it serves specific purposes and is easier to use. Containers keep cookies, local storage and cached files separate from other containers and non-container tabs. Users retain access to bookmarks, passwords or the browsing history, however.

You may use Containers for several purposes such as signing in to the same web service with multiple accounts or separating different tasks in containers to avoid ad retargeting for instance.

Temporary Containers

Temporary Containers supports an automatic and a manual mode. Links and URLs are opened in containers automatically by default. A new temporary container is created when you open a new Tab Page in Firefox, activate links so that they open in new tabs or browser windows, or activate links from third-party programs.

The main idea of the extension is to open sites in containers to separate data from the rest of the browser. It works similarly to the Firefox add-on Private Tab in this regard which added functionality to Firefox to open new sites in a private browsing tab in the same browser window. Private Tab is not compatible with Firefox 57 or newer.

The temp container is removed when you close the last tab and with it go cookies, cache and other data.

The extension comes with a solid set of preferences that let you customize its behavior. You may disable automatic mode there, and also change the container color, prefix, icon, and number. Icon and color can be randomized as well.

You can disable the automatic nature of the extension to load sites in temporary containers only on manual action. You may set global mouse actions for that, middle-mouse and Ctrl-key (CMD on Mac) and left mouse button, or for specific websites.

Temporary Containers adds other means of opening tabs in containers to the browser. It adds the option to the right-click context menu of links, maps the keyboard shortcut Alt-C to the functionality, and adds an icon to Firefox's toolbar which opens a new container tab when you click on it.

Closing Words

Temporary Containers worked well during tests. It has several use cases, for example, to always load links on specific sites in a temporary container or for quickly reading articles without having the site set cookies or add files to the browser cache. It may not offer all functionality of Private Tabs, but if you are mostly concerned about cookies or local storage, it may be an option to deal with that.

Firefox's Pocket integration may show sponsored stories soon

https://www.ghacks.net/2018/01/25/firefoxs-pocket-integration-may-show-sponsored-stories-soon/
Thu, 25 Jan 2018 10:49:43 +0000

Mozilla started to integrate the read-it-later service Pocket in 2015 in the Firefox web browser. First as an option for users to save articles they encounter on the web for reading it at a later time and some sort of bookmarking alternative, and then later on to power recommendations from around the Web on Firefox's New Tab page in the US, Canada and Germany.

Part of Firefox's userbase criticized Mozilla for integrating Pocket natively in the browser (as opposed to offering an add-on), others liked the integration and found it useful.

Firefox, Pocket and sponsored stories

Mozilla revealed future features of Firefox's Pocket integration yesterday on the Future Releases blog. Mozilla's engineers plan to show personalized recommendations and sponsored stories on Firefox's New Tab page.

Both features will land in Firefox Beta soon and will only be shown to a "small portion of U.S. users" to test the functionality and receive feedback on the implementation.

What’s next? We recently started testing personalized recommendations, and we will soon experiment with showing an occasional sponsored story within the Pocket Recommendations section in New Tab Page in Firefox Beta. This will be shown to a small portion of U.S. users as we start to test.

The new features are experiments and it is not a given that they will find their way into the Firefox release channel.

Firefox users can turn off sponsored content in the following way:

Click on the cogwheel icon on Firefox's New Tab page.

Uncheck "show sponsored stories" or "recommended by Pocket".

Mozilla's motivation

The current advertising model on the Web is broken according to Mozilla.

We believe the current model of web advertising is broken because it doesn’t respect user privacy, isn’t transparent, lacks control, all the while trending towards click-bait and low-quality content.

Mozilla's right in my opinion when it states that, and the brokenness of the advertising system is what drives users towards installing content blockers.

The organization uses Pocket's integration in Firefox to test a "responsible sponsored content model" that "supports high-quality content, respects user privacy, and that puts control back into the hands of users—and do so in a way that’s financially sustainable for the future health of the web".

Mozilla's model differs from traditional advertising models in several ways:

Closing Words

I'm not the target audience for sponsored stories or Pocket's integration in general. Heck, I don't interact with the New Tab page at all, and use it only to load new websites by interacting with Firefox's address bar.

This is not a Firefox-specific thing either, as I don't use the New Tab page in any browser.

The usefulness of sponsored content depends largely on the selection algorithm. While some users may object to sponsored suggestions, many probably won't mind as long as the recommended content is a good match. Those who do mind can turn off sponsored stories easily or turn off Pocket completely.

Now You: Has your stance on Pocket changed now that it is owned by Mozilla?

Mozilla plans to release Firefox 58.0 to the stable channel on January 23, 2018. It is the first major update for Firefox's stable channel of 2018. Firefox 58.0 follows Firefox 57.0 which introduced major changes to the browser.

Note: The user profiles created with Firefox 58 are not compatible with earlier versions of the Firefox web browser. If you want to retain the option to downgrade Firefox to a previous version, create a new profile for that version.

Executive Summary

Firefox 58 user profiles are not compatible with older versions of Firefox.

Firefox 58 features performance improvements, new WebExtensions API, and other improvements.

Firefox 58.0 download and update

Mozilla plans to release Firefox 58.0 to the release channel on January 23, 2018. Firefox users can run manual checks for updates on the day to install the new Firefox release automatically in the browser.

Select Menu > Help > About Firefox to run a manual check for Firefox updates.

JavaScript Startup Bytecode Cache reduces the time between the "start of navigation" and when the "onload event for each website is fired". Mozilla noted in December 2017 that Firefox with JavaScript Startup Bytecode Cache enabled loads pages "on average 43ms faster".

If an extension changed one of the default or user set values, it is highlighted by Firefox. Even better, the name of the extension is listed so that you know right away which extension is responsible, and there is a "disable extension" button to disable it right away from the preferences page you are on.

WebExtensions API changes

Development of the WebExtensions-based add-on system is an ongoing process. A first initial set of APIs launched in Firefox 57 but work on improving those APIs and adding new APIs continued.

Firefox 58 features several API improvements. The Theme API supports new features to give theme creators more options and customization options.

Reader Mode, a feature of Firefox that converts articles on the Web into a format that improves readability, is now available via an API.

Firefox 58 features other improvements, including improvements to the webRequest API and a new option for extensions to change the default search engine. Mozilla added a prompt to prevent extensions from changing the search engine silently in the background.

Other Firefox 58.0 changes

Firefox Screenshots improvements: screenshots can be copied and pasted directly to the Clipboard, and it works in Private Browsing mode as well.

Credit Card Autofill support. You control the feature under Forms & Passwords on about:preferences#privacy. Note that this is rolled out gradually and may not be visible on your end yet.

Nepali ne-NP locale added.

Fixed a blank font issue for fonts installed in non-standard directories on Linux.

Warning to inform users and site owners about Mozilla's gradual distrust plan for Symantec certificate authority.

Firefox 58.0 Issues

Firefox 58.0 has two known unresolved issues that Mozilla hopes to address in future releases.

Audio playback may be disabled on Firefox for Windows over Remote Desktop Connection sessions. You can mitigate the issue by loading about:config?filter=security.sandbox.content.level and setting the value to 2.

Users who run screen readers may run into performance issues. Mozilla suggests that users use Firefox ESR until the issue is fixed.

Developer Changes

PerformanceNavigationTiming API implemented. It is controlled by the preference dom.enable_performance_navigation_timing (default true)

Implemented PerformanceResourceTiming.workerStart to give sites options to measure the Service Worker start performance.

Firefox 58.0 for Android

One of the main new features of Firefox 58 for Android is support for runtime permission request prompts. Extensions that you install in Firefox on Android display permission requirements during installation.

If an installation requires additional permissions during runtime, a prompt is displayed to the user to accept or deny these permissions.

Other changes include:

Support for Progressive Web Apps.

Performance improvements thanks to JavaScript Startup Bytecode Cache.

Option added to Sync only over non-metered connections.

Bengali bn-BD and Nepali ne-NP added.

Full screen bookmark management with folder support.

Support for FLAC playback.

Added ability to change the status bar color in themes.

Removed Firefox Search widget from home screen.

Safe Browsing protocol updated to version 4.

Security updates / fixes

Fixes are announced after the release of Firefox. We update the article once Mozilla publishes them.

You can access the list of security vulnerabilities fixed in Firefox 58 here.

If you use Firefox ESR 52.6, check out the list of fixed security issues here.

Firefox 59: security info and address bar suggestion changes
https://www.ghacks.net/2018/01/19/firefox-59-security-info-and-address-bar-suggestion-changes/
Fri, 19 Jan 2018 09:25:12 +0000

While Mozilla focuses much of its development resources on releasing Firefox 58 next week, work on the next Firefox version Firefox 59 continues as well. Firefox users who run Nightly, the cutting […]

Security information

Firefox 59 features the new Security Software section. I don't know whether this is a Windows-specific feature or available on all supported operating systems.

Firefox lists the installed antivirus, anti-spyware and firewall solution on the page. You don't get any control over the listed programs from within Firefox, but it may be useful in some edge cases, for instance, if downloads are blocked, and you need to troubleshoot the issue.

Firefox address bar search suggestions

Mozilla removed the Firefox search bar in the toolbar for new installations in Firefox 57 by default. Firefox users may still enable it, but it is off by default.

Starting in Firefox 59 -- if the schedule holds -- Firefox will display search suggestions before the browsing history suggestions in the address bar by default. Browsing history refers to open tabs, the history and bookmarks.

This change won't affect Firefox installations that predate Firefox 57. Long-time Firefox users won't notice a difference; the change is visible on new installs only.

Mozilla added a switch to the preferences that gives Firefox users control over the order of suggestions.

Load about:preferences#search in the Firefox address bar.

The preference "Show search suggestions ahead of browsing history in address bar results" determines the order of suggestions. Uncheck it to return to the previous status quo.

Why is Mozilla doing this?

Javaun Moradi, product manager at Mozilla, who created the bug on Mozilla's Bugzilla site, provides an explanation:

In 57 we unified the address and search bars for new users. Some users may have a search-first workflow (we believe many Chrome users fall into this workflow) and some users have a history-first workflow (we believe most long-time Fx users fall into this workflow).

The feature is controlled by the String preference browser.urlbar.matchBuckets. It does not exist if the default value is set (default is to prioritize search before browsing history).

The value is set to general:5,suggestion:Infinity if you turn the feature off.

Closing Words

The order change won't affect existing Firefox installations according to Mozilla, and the preference ensures that Firefox users have full control over the feature.

Firefox and Chrome extensions that block add-on management
https://www.ghacks.net/2018/01/19/firefox-and-chrome-extensions-that-block-add-on-management/
Fri, 19 Jan 2018 06:40:23 +0000

A new breed of malicious browser extensions uses techniques to make the removal of these extensions more difficult for users and administrators.

Malwarebytes revealed in a blog post how these extensions block user access to the add-on management page of the browser and therefore removal from within the browser.

The Chrome extension Tiempo en colombia en vivo was available on the official Chrome Web Store but was distributed mostly on third-party websites.

The browser extension monitors open tabs while it runs. If the user opens chrome://extensions/, it will redirect the request to chrome://apps/?r=extensions automatically. This is done so that the user cannot remove the extension as it is not listed on the apps page.

The Firefox add-on FF Helper Protection shows similar traits. It monitors open tabs for the string about:addons to close the tab automatically if it is found.

Both extensions have in common that they prevent users from accessing the add-on management interface of the browser.

Removing the extensions

Chrome users have no option to remove the extension while Google Chrome is running. While it is possible to run Chrome with the --disable-extensions startup parameter, you won't get access to the extensions then in Chrome. You can open chrome://extensions, but no extensions are listed.

This leaves you with removing the extension from the profile folder instead. The location of the profile folder depends on the operating system. Here are the default locations:

Extensions are listed with IDs. You may be able to identify the offending extension based on the modification date. If that is not possible, open each folder and load the manifest.json file in a text editor.

If you are still unsure, use trial and error instead. Move all Chrome extensions to another folder and test each individually by moving them back to the Extensions folder and running Chrome.
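The manual check described above can be scripted. The following is an added example, not code from the article or from Chrome: it walks an Extensions folder (Chrome stores each unpacked extension as `<id>/<version>/manifest.json`), resolves localized names, and sorts by modification date. The sample IDs and names are constructed, and treating the `tabs` permission as a hint for tab monitoring is an assumption.

```python
import json
import os
import tempfile
import time
from pathlib import Path


def display_name(version_dir, manifest):
    """Return the extension name, resolving a __MSG_key__ placeholder."""
    name = str(manifest.get("name", "(no name)"))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[len("__MSG_"):-2].lower()  # message keys are case-insensitive
    locale = str(manifest.get("default_locale", "en"))
    messages_path = version_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(messages_path.read_text(encoding="utf-8-sig"))
        for msg_key, entry in messages.items():
            if msg_key.lower() == key:
                return entry["message"]
    except (OSError, ValueError, AttributeError, KeyError, TypeError):
        pass  # missing or malformed locale file: fall back to the raw name
    return name


def list_extensions(extensions_dir):
    """One row per <id>/<version>/manifest.json, most recently modified first."""
    rows = []
    for manifest_path in Path(extensions_dir).glob("*/*/manifest.json"):
        version_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            manifest = {"name": "(unreadable manifest)"}
        perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
        rows.append({
            "id": version_dir.parent.name,
            "version": version_dir.name,
            "name": display_name(version_dir, manifest),
            "modified": manifest_path.stat().st_mtime,
            "permissions": perms,
            # Heuristic (assumption): reading tab URLs usually needs "tabs".
            "watches_tabs": "tabs" in perms,
        })
    return sorted(rows, key=lambda row: row["modified"], reverse=True)


def build_sample_profile(root):
    """Constructed sample data: two made-up extensions with fake IDs."""
    now = time.time()
    samples = [
        ("a" * 32, "1.0_0", now - 90 * 86400, None,
         {"name": "Notes", "permissions": ["storage"]}),
        ("b" * 32, "2.3_0", now - 3600, {"appName": {"message": "Clima en vivo"}},
         {"name": "__MSG_appName__", "default_locale": "es",
          "permissions": ["tabs", "<all_urls>"]}),
    ]
    ext_dir = Path(root) / "Extensions"
    for ext_id, version, mtime, messages, manifest in samples:
        version_dir = ext_dir / ext_id / version
        version_dir.mkdir(parents=True)
        if messages:
            locale_dir = version_dir / "_locales" / manifest["default_locale"]
            locale_dir.mkdir(parents=True)
            (locale_dir / "messages.json").write_text(json.dumps(messages), encoding="utf-8")
        manifest_path = version_dir / "manifest.json"
        manifest_path.write_text(json.dumps(manifest), encoding="utf-8")
        os.utime(manifest_path, (mtime, mtime))
    return ext_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in list_extensions(build_sample_profile(tmp)):
            stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(row["modified"]))
            flag = "TABS" if row["watches_tabs"] else "    "
            print(stamp, flag, row["id"], row["name"], row["permissions"])
```

Run it with Chrome closed and pass the Extensions folder of the affected profile to `list_extensions`; the newest entries appear first.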

Firefox users have it a bit easier. You can start the browser in Safe Mode to launch it with all extensions disabled. You still get access to these extensions so that you may remove them from about:addons.

The easiest way to start Safe Mode is to hold down the Shift-key while starting Firefox.

Select "Start in Safe Mode" and go to about:addons afterward. Locate the malicious extension and click on the remove button next to it to uninstall it from the browser.

Impressive WebAssembly Performance gains in Firefox
https://www.ghacks.net/2018/01/18/impressive-webassembly-performance-gains-in-firefox/
Thu, 18 Jan 2018 07:38:00 +0000

Mozilla has been at the forefront of WebAssembly development, a relatively new technology that offers better performance on the Web than JavaScript in many cases.

WebAssembly offers several advantages over JavaScript. It takes less time to fetch, decode and compile WebAssembly code compared to JavaScript. You can check out this overview on Mozilla Hacks for a detailed article on the differences between WebAssembly and JavaScript.

Edge's performance looks impressive at first glance, but if you read this article on the MS Edge Development blog you will notice that Edge defers parsing WebAssembly functions until they are called.

Under the hood, Chakra defers parsing WebAssembly functions until called, unlike other engines that parse and JIT functions at startup time.

Lin notes that the optimizations allow Firefox on the desktop to compile 30 to 60 Megabytes of WebAssembly code per second. On "a pretty average" mobile, Firefox manages to compile 8 Megabytes per second.

Firefox users who run Beta or Nightly versions of the web browser can test the functionality already. You can run the basic benchmark that I linked above to see the difference, or run real-world applications or games that use WebAssembly instead.

Tusk is a relatively new web browser extension for Chrome and Firefox -- and also compatible web browsers -- that adds support for KeePass password manager databases in supported browsers.

KeePass is my password manager of choice. I have multiple reasons for that, for example, that I have full control over the data and that the software passed a security audit recently.

I don't need sync or autofill functionality, mobile applications or online storage, but KeePass supports that through plugins, third-party programs or browser extensions. Users who require the functionality can use these tools to add it.

Tusk browser extension

Tusk is a browser extension that loads KeePass databases to make the authentication data available on the Web. The browser extension does not depend on a local KeePass extension but loads KeePass database files directly from cloud storage or the local system.

One limitation of Tusk is that you do need access to a KeePass database. If you have not created one in the past already, you need to use KeePass or a compatible application to create a database file.

Installation of Tusk is a breeze. The extension adds an icon to the browser's main toolbar that you interact with. The extension loads a "getting started" guide on the first run that walks you through the steps of setting Tusk up correctly.

What you need to do is load a KeePass database either from a supported cloud hosting service, a shared link, or the local file system. You may load a sample database file as well to test the functionality without loading one of your databases.

Tusk supports keyfiles. Keyfiles improve security of KeePass databases and add a second factor to the authentication process.

The loading of the password database is just the first step of the process. Once you have done so, you need to click on the extension's icon in the browser's toolbar, fill out the master password, and click on unlock the database. The extension remembers the master password only for a period. The maximum is 8 hours or until the end of the browser session.

Tusk does not have access to the database file until it is unlocked, and it is read-only which means that it does not get access to the cloud storage and does not manipulate the database in any form.

Tusk is a fork of CKP, a browser extension for Google Chrome. The main goal of the extension is to improve the user interface, offer better security, and support the KeePass KDBX 4 format.

Tusk can auto-fill usernames and passwords on sites but there is no option to save data to a loaded database. It is an open source application; you can check out the source of the extension on GitHub.

Closing Words

If you use KeePass or a compatible program and like better browser integration, Tusk may be what you are looking for. The extension had a couple of minor hiccups during setup and use, but nothing major.

The Firefox Hardware Report
https://www.ghacks.net/2018/01/16/the-firefox-hardware-report/
Tue, 16 Jan 2018 13:59:56 +0000

The Firefox Hardware Report is a weekly updated report of the hardware used by a representative sample of Firefox's release channel user base.

It is a tool for developers primarily but published so that anyone may access it. It can be best compared to the Steam Hardware Survey which is a monthly report on the hardware and software used by a sample of Steam's population.

The Firefox Hardware Report answers interesting questions. It reveals the operating system distribution on the release channel, as well as the processor, graphics, and Flash distribution.

Firefox Hardware Report

The report website displays general distribution statistics at the top. The most used operating system is Windows 7, for instance, followed by Windows 10, Windows 8.1 and Mac OS X. Windows 7 leads by 10% and sits comfortably at 45% of the market share.

Adobe Flash, which was once installed in nearly any browser on the market, continues to drop. About 64% of Firefox release channel installations have Flash installed at this point.

A click on "more details" displays charts that offer additional details. If you click on the link underneath operating systems, you get a chart that details operating system changes over time.

Windows 7 did not lose much market share in the past ten months while Windows 10 managed to slowly work its way up. The April 2017 stats show Windows 7 at about 48% and the January stats at 44%; not a large drop.

Windows 10 market share increased from 17% to now 34% in the ten-month period. Other Windows versions dropped, and other non-Windows systems remained steady in regards to market share. The chart excludes XP and Vista because the population was moved to Firefox ESR by Mozilla.

What about 32-bit vs. 64-bit? The Firefox Hardware Report answers that as well. Firefox 32-bit dominated much of the year but was surpassed by 64-bit versions of the browser in late October. More than 66% of the release channel population runs 64-bit versions of Firefox as of January 2018.

How does that correlate with the architecture of the operating system? 80% of operating systems are 64-bit according to Mozilla's statistics as of January 2018 indicating room for further growth.

The charts offer information that you don't find listed in summary at the top. There is a memory chart for instance that shows how much RAM systems have. Systems with 4, 8 and 16 Gigabytes of RAM are on the rise while systems with less than 4 Gigabytes are losing market share.

What about display resolution? This is probably the most crucial metric for web developers. The display resolution 1366x768 sits at 33% and 1920x1080 at 23% of the market share. No other resolution has a market share of more than 10%.

How to stay safe when downloading Firefox extensions
https://www.ghacks.net/2018/01/16/how-to-stay-safe-when-downloading-firefox-extensions/
Tue, 16 Jan 2018 09:57:32 +0000

The following guide offers tips and instructions for staying safe when you download extensions for the Mozilla Firefox web browser. The past year has been eventful for users of the Firefox web […]

Mozilla dropped the old add-on system of Firefox and replaced it with WebExtensions. WebExtensions is the same system that Google Chrome and other Chromium-based browsers support. Mozilla's plan was, however, to extend the capabilities of WebExtensions further than what Chrome supported.

Firefox WebExtensions have access to features that can make them more potent than their Chrome counterparts.

One of the reasons that Mozilla offered for switching to WebExtensions was that classic add-ons had too much control over the browser. WebExtensions limit what developers can do which benefits security and stability of the browser.

A look over to Chrome's Web Store for extensions shows, however, that WebExtensions may still be abused to spy on users, steal data, or abuse user devices in other ways.

Staying safe when downloading Firefox add-ons

AMO, Add-ons Mozilla Org, is the primary hub for Firefox extensions. It is the official extension directory, and users may use it to browse, search for and install browser extensions.

The store lists classic add-ons and WebExtensions currently. Mozilla announced plans in 2017 to remove traditional add-ons from the Store after Firefox ESR hits version 60. Firefox ESR is the only official Firefox version right now that supports legacy add-ons. The next version of the extended support release will end that.

This is the same system that Google uses for Chrome extensions. Mozilla will check add-ons manually eventually but only after the fact. That's different to how Google handles things and improves security.

There is no manual verification indicator on the site right now which means that you don't know if an extension was reviewed manually.

Crypto-mining extensions slipped past the automatic review process already, and while the situation is arguably a lot better than on Chrome's Web Store, there is a chance that problematic extensions may end up on AMO.

So, what can you do about it?

If you have the skills, verify extensions yourself. Download the extension to your local system, extract the XPI file, and go through the code.
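A first pass over a downloaded XPI can be automated before reading the code by hand. The following is an added example, not a Mozilla tool or code from the article: it opens the XPI (a ZIP archive), lists sensitive permissions from manifest.json, and scans the bundled scripts for the add-on manager strings mentioned in the Malwarebytes report. The permission lists, the patterns and the in-memory sample add-on are this example's own assumptions, and a hit is a reason to read the file, not a verdict.

```python
import io
import json
import re
import zipfile

# Review hints, not verdicts. These lists are this example's own choice.
SENSITIVE_APIS = {"tabs", "management", "webRequest", "webRequestBlocking",
                  "cookies", "history", "downloads", "nativeMessaging"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
PATTERNS = {
    "references add-on manager URL": re.compile(rb"about:addons|chrome://extensions"),
    "closes or redirects tabs": re.compile(rb"tabs\.(?:remove|update)\s*\("),
    # Assumption: in-browser miners commonly ship as WebAssembly.
    "loads WebAssembly": re.compile(rb"WebAssembly\.\w+"),
}
MAX_SCRIPT_BYTES = 5 * 1024 * 1024  # larger scripts are reported, not scanned


def review_xpi(source):
    """source: path to an .xpi file, or its raw bytes. Returns a findings dict."""
    fileobj = io.BytesIO(source) if isinstance(source, (bytes, bytearray)) else source
    try:
        archive = zipfile.ZipFile(fileobj)
    except zipfile.BadZipFile as exc:
        raise ValueError("not a ZIP/XPI archive") from exc
    with archive:
        if "manifest.json" not in archive.namelist():
            raise ValueError("no manifest.json: legacy add-on or not an extension")
        manifest = json.loads(archive.read("manifest.json").decode("utf-8-sig"))
        requested = set()
        for key in ("permissions", "optional_permissions"):
            requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
        for script in manifest.get("content_scripts", []):
            if isinstance(script, dict):
                requested.update(script.get("matches", []))
        hits, skipped = [], []
        for info in archive.infolist():
            if not info.filename.endswith(".js"):
                continue
            if info.file_size > MAX_SCRIPT_BYTES:
                skipped.append(info.filename)
                continue
            body = archive.read(info)
            hits += [(info.filename, label)
                     for label, rx in PATTERNS.items() if rx.search(body)]
    return {
        "name": manifest.get("name"),
        "version": manifest.get("version"),
        "sensitive_apis": sorted(requested & SENSITIVE_APIS),
        "broad_hosts": sorted(requested & BROAD_HOSTS),
        "code_hits": sorted(hits),
        "skipped": skipped,
    }


def build_sample_xpi():
    """Constructed sample: a made-up extension, not a real add-on."""
    manifest = {"manifest_version": 2, "name": "Sample Helper", "version": "0.1",
                "permissions": ["tabs", "storage", "<all_urls>"],
                "background": {"scripts": ["background.js"]}}
    script = 'if (tab.url.startsWith("about:addons")) { browser.tabs.remove(tab.id); }\n'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as xpi:
        xpi.writestr("manifest.json", json.dumps(manifest))
        xpi.writestr("background.js", script)
        xpi.writestr("options.js", 'document.title = "Options";\n')
    return buf.getvalue()


if __name__ == "__main__":
    print(json.dumps(review_xpi(build_sample_xpi()), indent=2))
```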

If you cannot do that, you may use the following methods to reduce the chance of installing problematic extensions:

Don't install extensions directly when they are made available. You increase the likelihood that an extension was reviewed by Mozilla if you wait a couple of days.

Read the user reviews and check general stats (rating, number of users, add-on history). Extensions with good ratings, lots of installs and good reviews are better than extensions with no reviews, no ratings, and no comments. This is not a 100% safeguard either. Hackers managed to take over Google accounts of Chrome developers in the past to upload manipulated new versions of trusted extensions to the Store.

Check the developer profile. Developers who maintain multiple extensions and maintained extensions for a long time are more trustworthy.

Closing Words

Don't get me wrong. I'm not advocating that Firefox users should not install add-ons anymore. Firefox users need to be aware of the dangers of the new review system. It is easy enough to see how bad things can become by looking at the situation over on Chrome's Web Store. Mozilla's system is still better than Google's. The organization should consider adding a visible flag to extensions that have not been reviewed manually yet.

Malwarebytes for Firefox extension
https://www.ghacks.net/2018/01/13/malwarebytes-for-firefox-extension/
Sat, 13 Jan 2018 08:14:59 +0000

Malwarebytes for Firefox is a new browser extension for the Firefox web browser by security company Malwarebytes.

The release of the browser extension came out of the blue; the Malwarebytes website makes no mention of the release which leaves the Firefox add-on page and the extension itself as the only source of information.

The description reveals that Malwarebytes for Firefox "detects and protects against malware, scams, and deceptive advertising on the web".

The extension is brand new and labeled as beta right now. Malwarebytes did not release a Chrome version of the extension.

Firefox users don't need Malwarebytes installed on their device; the extension makes no mention of it, and the ad-blocking works fine without a Malwarebytes installation.

Note: I contacted Malwarebytes to get a definitive answer on whether the add-on is an official product or not. An admin on the official Malwarebytes forum confirmed that the extension is legitimate.


Malwarebytes for Firefox

Installation of the add-on is straightforward. It requests access to the browser tabs, all website data and to store unlimited data on the device Firefox is run on. These are pretty standard requests for extensions that detect and block malicious content in browsers.

Malwarebytes for Firefox adds an icon to the browser's address bar. It highlights threats (malware, ads, trackers, ...) with numbers but does not reveal additional information when you click on the extension icon. You can disable protection for the active site using the menu.

A link to settings is provided which provides controls and additional information.

The protection tab lists the four protective modules that Malwarebytes for Firefox supports:

Malware Protection

Scam Protection

Advertising / tracker protection

Clickbait protection

You can disable any module individually, or all of them at once using the menu.

The second tab, exclusions, is a whitelist for sites. Any site that you added to the whitelist is listed on this page.

Malwarebytes for Firefox blocks advertisement and serious threats. The number that it displays on top of its icon when you visit websites indicates the total number of blocked items.

Closing Words

Malwarebytes for Firefox adds another protective layer to the Firefox web browser. It is not the only protection that Firefox users have. Firefox itself includes protection powered by Google SafeBrowsing and if a resident security program is installed, it may protect against threats as well.

It is too early to tell how effective Malwarebytes for Firefox is in the grand scheme of things. (via Techdows)

Now You: What is your first impression of this new security extension for Firefox?